Add SECURITY.md so that GitHub can display it

The content matches our support article "How can I report a security vulnerability?", with tweaks to make it clearer what is or isn't in scope. https://support.signal.org/hc/en-us/articles/360007320791-How-can-I-report-a-security-vulnerability-
2024-09-19 19:42:19 +02:00 · 2021-03-17 17:52:47 -07:00 · 2021-03-17 17:52:47 -07:00 · 0a03aed588
commit 0a03aed588
parent a9417bf323
1 changed files with 9 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,9 @@
+If you've found a security vulnerability in Signal, please report it via email to
+<security@signal.org>.
+
+Please only use this address to report security flaws in the Signal application (including this
+repository). For questions, support, or feature requests concerning the app, please submit a
+[support request][] or join the [unofficial community forum][].
+
+[support request]: https://support.signal.org/hc/requests/new
+[unofficial community forum]: https://community.signalusers.org/